Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0770 | 1 Ikonboard.com | 1 Ikonboard | 2016-10-18 | 7.5 HIGH | N/A |
| FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement. | |||||
| CVE-2003-0771 | 1 Apache Gallery | 1 Apache Gallery | 2016-10-18 | 4.6 MEDIUM | N/A |
| Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does. | |||||
| CVE-2003-0805 | 1 University Of Minnesota | 1 Gopherd | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allow attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type. | |||||
| CVE-2003-0826 | 1 Gnu | 1 Lsh | 2016-10-18 | 7.5 HIGH | N/A |
| lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack. | |||||
| CVE-2003-0827 | 1 Ibm | 1 Db2 Universal Database | 2016-10-18 | 5.0 MEDIUM | N/A |
| The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523. | |||||
| CVE-2003-0835 | 1 Mplayer | 1 Mplayer | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allow remote attackers to execute arbitrary code via an ASX header with a long hostname. | |||||
| CVE-2003-0839 | 1 Microsoft | 1 Windows 2003 Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link. | |||||
| CVE-2003-0840 | 1 Hp | 1 Hp-ux | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable. | |||||
| CVE-2003-0842 | 1 Dag Apt Repository | 1 Mod Gzip | 2016-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header. | |||||
| CVE-2003-0843 | 1 Dag Apt Repository | 1 Mod Gzip | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header. | |||||
| CVE-2003-0844 | 1 Dag Apt Repository | 1 Mod Gzip | 2016-10-18 | 2.1 LOW | N/A |
| mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled. | |||||
| CVE-2003-0846 | 1 Suse | 1 Suse Linux | 2016-10-18 | 4.6 MEDIUM | N/A |
| SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file. | |||||
| CVE-2003-0847 | 1 Suse | 1 Suse Linux | 2016-10-18 | 4.6 MEDIUM | N/A |
| SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file. | |||||
| CVE-2003-0638 | 1 Novell | 1 Ichain | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login." | |||||
| CVE-2003-0655 | 1 Cdrtools | 1 Cdrtools | 2016-10-18 | 7.2 HIGH | N/A |
| rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges. | |||||
| CVE-2003-0656 | 1 Eroaster | 1 Eroaster | 2016-10-18 | 2.1 LOW | N/A |
| eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile. | |||||
| CVE-2003-0633 | 1 Oracle | 2 Applications, E-business Suite | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key. | |||||
| CVE-2003-0676 | 1 Sun | 2 Iplanet Directory Server, One Directory Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences. | |||||
| CVE-2003-0650 | 1 Gamespy | 1 Arcade | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file. | |||||
| CVE-2003-0639 | 1 Novell | 1 Ichain | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication. | |||||
| CVE-2003-0685 | 1 Netris | 1 Netris | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response. | |||||
| CVE-2003-0728 | 1 Horde | 1 Horde | 2016-10-18 | 6.4 MEDIUM | N/A |
| Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. | |||||
| CVE-2003-0625 | 1 Xfstt | 1 Xfstt | 2016-10-18 | 6.4 MEDIUM | N/A |
| Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response. | |||||
| CVE-2003-0635 | 1 Novell | 1 Ichain | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM. | |||||
| CVE-2003-0628 | 1 Peoplesoft | 1 Peopletools | 2016-10-18 | 5.0 MEDIUM | N/A |
| PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value. | |||||
| CVE-2003-0629 | 1 Peoplesoft | 1 Peopletools | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript. | |||||
| CVE-2003-0630 | 1 Atari800 | 1 Atari800 | 2016-10-18 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument. | |||||
| CVE-2003-0729 | 1 Tellurian | 1 Tftpdnt | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename. | |||||
| CVE-2003-0631 | 1 Vmware | 2 Gsx Server, Workstation | 2016-10-18 | 7.2 HIGH | N/A |
| VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allow local users to gain root privileges via certain environment variables that are used when launching a virtual machine session. | |||||
| CVE-2003-0730 | 2 Netbsd, Xfree86 Project | 2 Netbsd, X11r6 | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. | |||||
| CVE-2003-0632 | 1 Oracle | 2 Applications, E-business Suite | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2003-0652 | 1 Xtokkaetama | 1 Xtokkaetama | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611. | |||||
| CVE-2003-0735 | 1 Phpwebsite | 1 Phpwebsite | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter. | |||||
| CVE-2003-0554 | 1 Neomodus | 1 Direct Connect | 2016-10-18 | 5.0 MEDIUM | N/A |
| NeoModus Direct Connect 1.0 build 9, and possibly other versions, allows remote attackers to cause a denial of service (connection and possibly memory exhaustion) via a flood of ConnectToMe requests containing arbitrary IP addresses and ports. | |||||
| CVE-2003-0553 | 1 Netscape | 1 Navigator | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename. | |||||
| CVE-2003-0557 | 1 Lagarde | 1 Storefront | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field. | |||||
| CVE-2003-0620 | 1 Andries Brouwer | 1 Man | 2016-10-18 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable. | |||||
| CVE-2003-0617 | 1 Hugo Rabson | 1 Mindi | 2016-10-18 | 4.6 MEDIUM | N/A |
| mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | |||||
| CVE-2003-0590 | 1 Splatt | 1 Splatt Forum | 2016-10-18 | 7.1 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field. | |||||
| CVE-2003-0589 | 1 Digi-fx | 1 Digi-news | 2016-10-18 | 10.0 HIGH | N/A |
| admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. | |||||
| CVE-2003-0588 | 1 Digi-fx | 1 Digi-news | 2016-10-18 | 10.0 HIGH | N/A |
| admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. | |||||
| CVE-2003-0597 | 1 Sco | 1 Openserver | 2016-10-18 | 7.2 HIGH | N/A |
| Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges. | |||||
| CVE-2003-0587 | 1 Infopop | 1 Ultimate Bulletin Board | 2016-10-18 | 6.9 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie. | |||||
| CVE-2003-0586 | 1 Brooky | 1 Estore | 2016-10-18 | 7.5 HIGH | N/A |
| Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php. | |||||
| CVE-2003-0585 | 1 Brooky | 1 Estore | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters. | |||||
| CVE-2003-0584 | 1 Tolis Group | 1 Bru | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument. | |||||
| CVE-2003-0583 | 1 Tolis Group | 1 Bru | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2003-0581 | 1 Xfstt | 1 Xfstt | 2016-10-18 | 7.5 HIGH | N/A |
| X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access. | |||||
| CVE-2003-0580 | 1 Ibm | 1 U2 Universe | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument. | |||||
| CVE-2003-0579 | 1 Ibm | 1 U2 Universe | 2016-10-18 | 4.6 MEDIUM | N/A |
| uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user. | |||||
